Getting error 60 of curl to cygwin setup
Brian Inglis
Brian.Inglis@SystematicSW.ab.ca
Tue Mar 19 16:35:06 GMT 2024
On 2024-03-19 08:02, ASSI via Cygwin wrote:
> J M via Cygwin writes:
>> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>> % Total % Received % Xferd Average Speed Time Time Time
>> Current
>> Dload Upload Total Spent Left
>> Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0* Host cygwin.com:443 was resolved.
>> * IPv6: (none)
>> * IPv4: 8.43.85.97
>> * Trying 8.43.85.97:443...
>> * Connected to cygwin.com (8.43.85.97) port 443
>> * ALPN: curl offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0{ [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [70 bytes data]
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> { [1023 bytes data]
>> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
>> } [2 bytes data]
>> * SSL certificate problem: unable to get local issuer certificate
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0
>> * Closing connection
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.se/docs/sslcerts.html
>>
>> curl failed to verify the legitimacy of the server and therefore could not
>> establish a secure connection to it. To learn more about this situation and
>> how to fix it, please visit the web page mentioned above.
>
> Either your cert store is corrupt or something is breaking up the SSL
> connection via MITM.
What do you see when you run these commands:
$ file /etc/pki/tls/certs/*
/etc/pki/tls/certs/ca-bundle.crt: symbolic link to
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ grep -c '^-----BEGIN.*CERTIFICATE-----$'
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156
$ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
More information about the Cygwin
mailing list